Getting Comfortable With The Basics

Security

1 2 3 6

– Major SMS security lapse is a reminder to use authenticator apps instead

Major SMS security lapse is a reminder to use authenticator apps instead By Jon Porter, www.theverge.com

A recent data breach has exposed a database of around 26 million text messages containing private customer information, reports TechCrunch. In addition to the privacy concerns, the breach also highlights the dangers of relying on SMS messages for receiving two-factor authentication codes or account reset links, which sees sensitive information sent over an unencrypted communications platform.

Google Brings Enhanced Network Features to Project Fi

Google Brings Enhanced Network Features to Project Fi By Paul Thurrott, www.thurrott.com

Google announced today that it is introducing enhanced networking functionality to its Project Fi wireless network. Among the changes are improvements to the Project Fi VPN and a faster, more seamless way to intelligently switch between Wi-Fi and cellular networks.

Privacy.com: Protect Your Bank Accounts

Privacy.com: Protect Your Bank Accounts By Justin, operational-security.com

It is no secret that I am a major fan of Blur, the privacy service that allows you to mask your email address and phone number. One of my favorite features of Blur is credit card masking – the ability to create one-time-use credit card numbers that are billed to your real credit card. A new service has come along that allows you to create one-time use credit card numbers. The service is a little bit different than Blur, and has some advantages and disadvantages. It is called Privacy.com.

– Why You Should Start Using Two-Factor Authentication Now

Why You Should Start Using Two-Factor Authentication Now By Cristina Chipurici, heimdalsecurity.com

Imagine waking up on a splendid spring day, opening your laptop and realising that you can’t access your online accounts anymore. Your email has been breached, your website, your most precious work, is now gone, and your credit card was used for shady transactions.

In a nutshell, this is what I experienced almost 6 years ago. 


Two-factor authentication is a mess By Garret Beard, Russell Brandom, www.theverge.com

For years, two-factor authentication has been the most important advice in personal cybersecurity — one that consumer tech companies were surprisingly slow to recognize. The movement seemed to coalesce in 2012, after journalist Mat Honan saw hackers compromise his Twitter, Amazon, and iCloud accounts, an incident he later detailed in Wired. At the time, few companies offered easy forms of two-factor, leaving limited options for users worried about a Honan-style hack. The result was a massive public campaign that demanded companies to adopt the feature, presenting two-factor as a simple, effective way to block account takeovers. 


Beyond Passwords: 2FA, U2F and Google Advanced Protection by www.troyhunt.com

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. A few people took some of the points I made in those posts as being contentious, although on reflection I suspect it was more a case of lamenting that we shouldn't be in a position where we're still dependent on passwords and people needing to understand good password management practices in order for them to work properly. 


Two Factor Auth (2FA) List – List of websites and whether or not they support 2FA.

Why you should use a password manage

Why you should use a password manager By Jack Wallen, www.techrepublic.com

Your password is weak. Is it your birthday? The birthday of your kids? Your anniversary? Or is it password123? Consider this: It only takes 14.17 minutes to crack a nine-digit password (such as 123456789) that consists of the numbers 1-9. Using a botnet or supercomputer, that same password can be cracked in .0085 seconds. So that weak-sauced password you use for every account you have can be hacked pretty easily.

What is phishing?

What is phishing? How this cyber attack works and how to prevent it By Josh Fruhlinger, www.csoonline.com

Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.


Phishing Is the Internet’s Most Successful Con By Quinn Norton, www.theatlantic.com

In the classic 1973 heist movie The Sting, two con men—played by Robert Redford and Paul Newman—build a fictitious world in a Depression-era Chicago basement to defraud a corrupt banker. They make an offtrack-betting room, hire actors to ensure the scene is convincing, and even enlist pretend law enforcement to fake-bust their mark. The film is memorable because it is one of the finest movies in the genre, well written and funny, but also because the duo’s work is so meticulously detailed.

SIM Swappers and SIM Swap Myths

Busting SIM Swappers and SIM Swap Myths by krebsonsecurity.com

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. 

– How to spot a phishing email

How to spot a phishing email By Andrew Burton, www.carbonite.com

Phishing and other social engineering attacks are only increasing in frequency, and unfortunately, sophistication. However, there are a number of common indicators of a phishing attack. Knowing what to look for goes a long way to protect yourself against attacks. If you spot any of the following tip-offs, proceed with caution.

Secure Your Accounts and Passwords With a Hardware Token

Secure Your Accounts and Passwords With a Hardware Token By David Murphy, lifehacker.com

Two-factor authentication is a quick, easy way to add extra security to your accounts (or password managers). For even more security and peace of mind, consider buying a hardware token like the YubiKey or Google Titan. They’re incredibly easy to set up, and as long as you keep the USB accessory on or near you—on your keyring, for example—you’ll be able to authenticate into supported accounts and services as quickly as typing in a password. And since nobody else will have your hardware authenticator, your accounts will be protected from other attackers.

-Common Types of Two-Factor Authentication

A Guide to Common Types of Two-Factor Authentication on the Web By Jacob Hoffman-andrews, www.eff.org

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it's becoming much more common across the web. With often just a few clicks in a given account's settings, 2FA adds an extra layer of security to your online accounts on top of your password.


The Different Forms of Two-Factor Authentication: SMS, Autheticator Apps, and More By Chris Hoffman, www.howtogeek.com

Many online services offer two-factor authentication, which enhances security by requiring more than just your password to sign in. There are many different types of additional authentication methods you can use.

Two-Factor Authentication: Who Has It and How to Set It Up

Two-Factor Authentication: Who Has It and How to Set It Up By Eric Griffith, www.pcmag.com

In 2014, the Heartbleed exploit left everyone's login information potentially up for grabs thanks to one itty-bitty piece of code, and in the past few years, our security nightmares have only gotten worse. In fact, more data was leaked in the first half of 2017 than in all of 2016 combined.

Use Your Password Manager for Security Answers, Too

Use Your Password Manager for Security Answers, Too By David Murphy, lifehacker.com

It’s been a while since I’ve had to type in some stupid answer to a made-up question when creating an account on a new service. You know what I’m talking about: Forget your password, and you can regain access to your account by typing in the name of your first pet (Mr. Mrglglrm), your favorite sports team (Saskatoon Sirens), or the street you grew up on (Third Street).

Google Advanced Protection Program

Google Advanced Protection Program by landing.google.com

What is phishing?
Phishing is a common technique that can be used to trick you into giving away your username, password, 2-Step Verification code, or other personal information. Phishing attacks can happen through a variety of channels, including email, telephone, text message, or in apps.How does Advanced Protection defend against phishing?
Advanced Protection requires you to use a physical Security Key.

LastPass Authenticator Makes Two-Factor Easy

LastPass Authenticator Makes Two-Factor Easy By Amber Gott, blog.lastpass.com

Exciting news! Today we’re introducing LastPass Authenticator, a free two-factor authentication app for your LastPass account and other supported services. LastPass Authenticator offers simple, secure two-factor authentication by generating 6-digit, time-based passcodes or sending you a push notification for one-tap login to LastPass. With a user-friendly experience, simple set-up, and convenient push notifications, LastPass Authenticator is an ideal option for you to boost your security.

Can You Trust Your Browser With Credit Card Information?

Can You Trust Your Browser With Credit Card Information? By Dan Price, www.makeuseof.com

You’re shopping online; you find the perfect item, proceed to checkout, and pay. Your browser remembers your username. It might even remember your password, based on what you’ve entered in the past.

But then it asks whether you want it to save your credit card information. Can you trust your browser with keeping that secure? 

– Google Doesn’t Just Let Apps Read Your Email

No, Google Doesn’t Just Let Apps Read Your Email by howtogeek.com

There’s a story spreading in the news today that Google is letting companies scan through your email and sell the data, but this is really misleading. So what’s actually going on?

The way the story is framed makes it sound like something very nefarious is being allowed. Google is letting companies scan my Gmail account?


Opinion: Why does no one get how email apps and Gmail add-ons work? By Corbin Davenport, www.androidpolice.com

There are legitimate security concerns about Google, most recently around its handling of user location data. However, there are a growing number of media outlets and U.S government officials bashing the company for allowing Gmail add-ons and third-party mail clients to read user messages – which is required for them to function.

Are Your Password Security Habits Improving

Are Your Password Security Habits Improving? (Infographic) by entrepreneur.com

From the French presidential election to Gmail, a number of incidents have unfolded this year revealing how vulnerable our online security is. That’s why it’s more important than ever to make sure you go above and beyond to secure your digital privacy. And that can be as simple as changing your password every once in awhile.

– 5 best password managers for Android

The 5 best password managers for Android by androidpolice.com

Our accounts hold invaluable information about us — about our work, our finances, and our social lives. Keeping that information safe from prying eyes is paramount, and to do that, we need solid passwords. Assuming you're a typical person living in the modern age, you probably have accounts and passwords for about a million websites and services, and it can be hard to keep them all straight. Password managers take the onus of remembering dozens and dozens of (hopefully) unique strings of characters off our stupid brains, and once you've used one, it's hard to imagine going without. 

Credit freeze: A freebie that you actually want

Credit freeze: A misunderstood freebie that you actually want by freep.com

On Sept. 21, the three big credit reporting agencies will have to give consumers credit freezes for free.

Just one year ago, consumers woke up and discovered that hackers had one heck of a field day with their Social Security numbers and other information in a massive data breach at Equifax. 


Credit Freezes Will Soon Be Free by lifehacker.com

With the one-year anniversary of the Equifax breach just behind us, here’s a reminder that you will be able to freeze your credit reports and sign up for year-long fraud alerts for free starting Sept. 21 thanks to a federal law passed earlier this year. 


Know the difference between a fraud alert and a credit freeze by komonews.com

It's been one year since Equifax let us know that hackers stole the personal information of half the adults in the country. But a surveyshows most of us have not taken steps to freeze our credit reports.

Google Titan Security Key review

Google Titan Security Key review: A $50 hardware 2FA bundle with outdated connectors by androidpolice.com

Those of us that care about our online security probably use some form of two-factor authentication to secure our most important accounts, but even the strongest password and the longest authentication code are still subject to something as simple as a phishing attack, which is why so many have switched to hardware security keys. Google helped to create the Universal 2nd Factor (U2F) hardware authentication standard, and now it's releasing its own product to consumers: the $50 Titan Security Key.


How to Set Up and Use the Google Titan Key Bundle by howtogeek.com

Google recently released a set of two-factor authentication (2FA) security keys called the Titan Security Bundle. This set includes a traditional USB-based Universal Second Factor (U2F) key for use on a computer and a combination Bluetooth/USB key for mobile. Here’s how to get it all set up.

Two-Step Authentication on Your Microsoft Account

How to Set Up Two-Step Authentication on Your Microsoft Account by lifehacker.com

If we’ve said it once, we’ve said it a million times: You should use two-factor authentication everywhere you can. It’s an easily enacted security measure that should give you a lot more peace of mind. 

Technically, Microsoft protects its apps with “two-step verification” rather than two-factor verification. 

Google’s hardware 2FA Titan Security Keys

Google's hardware 2FA Titan Security Keys available starting today for $50 at the Google Store by androidpolice.com

If you're conscious of your own digital security in the modern era, then odds are you use two/multi-factor authentication to secure your more important accounts, but not all methods are equal. If you're especially concerned — or especially "high value" in security terms — hardware-based keys are the better choice, as they offer additional protections against things like phishing attacks. And starting today, those invested heavily into Google's ecosystem can pick up the previously announcedTitan Security Keys over on the Google Store.


What it's like to live under the Google Advanced Protection Program by androidcentral.com

I am not what I'd call a Very Important Person. I still consider myself a journalist of sorts (and it's what's on my college degree), but I wouldn't say I practice it in the way I did back when I made newspapers. I also am neither an activist, business leader, or am on a political campaign team.

Am I really a candidate for Google's Advanced Protection Program? Do I really need the strongest account security Google offers publicly?

Google’s New Gmail Features

Gmail’s biggest redesign is now live by theverge.com

The world’s most popular email service is getting a big overhaul today. Google is making official the changes we saw leaked earlier this month, with email snoozing, nudging, and confidential mode making their debut alongside a substantial visual redesign for Gmail on the web. The new Gmail begins a global phased rollout today, which is to say that it won’t be available to every one of Gmail’s 1.4 billion users right away, and the first to get it will be invited to opt in rather than being able to just turn it on themselves.


Google’s New Gmail Features and How Best to Use Them by tech.co

This year, Gmail’s 1.4 billion users are getting their first major upgrade since 2011. From a game-changing “snooze email” function to the exciting option to make sent messages “self-destruct”, we run through the key features of the new Gmail upgrade.


How to Find Contacts in the New Gmail by howtogeek.com

The new Gmail started rolling out last week, and it’s awesome. But many people are asking the same question: where did Contacts go?

The previous version of Gmail, now called “Classic Gmail,” had a drop-down at the top-left for quick access to Contacts and Tasks.


Google will force you to switch to the new Gmail whether you want it or not — here's when you'll get it by businessinsider.com

Google recently announced a massive update to its popular email platform. So far, it's given personal account holders and company admins (who run company's G Suite accounts) the choice to leave their Gmail inboxes as-is, or to opt into the new Gmail, which comes with a new look and a lot of new features. If they don't enjoy the experience, users and admins are welcome to opt back out.

That's no longer going to be the case in a matter of months, as Google announced


How to undo the Gmail update – and what features you'll miss if you do by independent.co.uk

The new Gmail update features a snooze email function, a fresh design and a 'confidential mode' that protects outgoing emails.

However hundreds of Gmail users took to social media to complain about Google's new design. Fortunately for them, there is a way to switch it back to the old version, but only for a limited time.

 

Create virtual cards that protect your money

Create virtual cards that protect your money. at privacy.com

Privacy is the safest and easiest way to shop online.

Freeze, unfreeze, and set spending limits. Get real cashback rewards. Take control of your money.

Privacy provides a service that allows you to checkout online without sharing your real credit or debit card information online. We allow you to use any name and billing address with the merchant you would like, so your private information remains secure and private.


Privacy.com Review by echeck.org

When you pay for something online, you are putting your financial and personal details at risk. No matter which form of payment you use, there is always a risk, and there is no way for you (the consumer) to know just how big or small the risk is. The sheer number of massive hacks and leaks over the last ten years is proof enough that we have no idea how safe our payment information really is. Privacy.com adds another layer of privacy.


Privacy.com's virtual Visas are burner debit cards that keep online shoppers safe by pcworld.com

Slinging your credit card information all over the web may be the norm when you’re online shopping, but playing fast and loose with those precious numbers is just begging for identity theft to happen. A new company dubbed Privacy.com thinks it has a solution to the problem. Instead of handing out your actual debit and credit card numbers, Privacy.com lets you create “virtual” debit cards that are locked for use with a single vendor, or “burner” cards that are valid only for one-time use.


One Response to Privacy.com Review: Get Virtual Card Numbers which Allow Using Any Name & Address by doctorofcredit.com

Privacy.com allows consumers to make payments online safely and anonymously. For security or privacy reasons, people don’t always want to use their regular payment methods online and expose their card/bank details, name, and address to random online vendors.


Privacy.com is a VPN for credit cards by theverge.com

In 2016, it’s remarkably hard to buy something anonymously. Bitcoin would be the easiest way, but most places don’t accept it. Even walking into a store and paying cash, there’s a decent chance you’ll be asked for your name and zip code. Paying online is even harder. Use a credit card or a traditional payment service and the odds are your purchase will end up in an anonymized database, used to target you the next time advertisers want to find someone who’s bought a burrito, a pair of jeans, or a lamp in the last month.


 

LastPass Authenticator

LastPass Authenticator by logmeininc.com

LastPass Authenticator is a multifactor app for Android, iOS, and Windows mobile devices. It supports 3 ways to log in:

  • Time based 6-digit codes
  • One-tap push notifications
  • SMS 6-digit codes

LastPass Authenticator is also TOTP compliant, meaning it’s compatible with all apps and websites that support Google Authenticator. That means you can conveniently manage Multifactor Authentication for multiple services, all from LastPass Authenticator.

How to add a USB 2FA key to your Google account without activating Advanced Security

How to add a USB 2FA key to your Google account without activating Advanced Security by androidcentral.com

We've gone over why using two-factor authentication on your online accounts is a good idea, and showed you how to set it up for your Google account as well as how to get started with Authy if you use more than one phone or computer. But we're not done yet!

Your Ultimate Guide to Password Security

'12345' Is Really Bad: Your Ultimate Guide to Password Security by pcmag.com

In a recent PCMag survey on passwords, only 24 percent of respondents reported using a password manager. The rest of you have a serious problem. It's almost certainly true that you are using passwords that are easy to remember, which makes them easy to crack. Furthermore, the plethora of sites you visit that require logins probably means that you recycle the same passwords over and over, too. Maybe you think that securing your online accounts is unimportant, or too much trouble. Trust us, that's not the case. Using bad passwords can have serious consequences.


Google Advanced Protection Program: Everything you need to know by androidcentral.com

Google takes account security very seriously. You may be giving up more of your privacy than you like by using Google services and hardware, but that's not the same thing as account security — and Google takes some pretty big steps to keep unauthorized users out of your account. The company also has some tools and policies designed to keep youfrom letting an unauthorized user in, like Chrome blocking websites that host malicious content. Google depends on you trusting them with your personal data as its business model. Playing fast and loose with security is a great way to lose that trust and Google knows it.

Avoid Getting Locked Out When Using Two-Factor Authentication

How to Avoid Getting Locked Out When Using Two-Factor Authentication by howtogeek.com

Two-factor authentication secures your accounts with code in addition to your password. You can’t get in without the code sent to your phone. But what happens if you lose or reset your phone? If you don’t plan your recovery method ahead of time, you could permanently lose access to your accounts.


The Ugly Side of Two-Factor Authentication by elcomsoft.com

Two-factor authentication is great when it comes to securing access to someone’s account. It’s not so great when it gets in the way of accessing your account. However, in emergency situations things can turn completely ugly. In this article we’ll discuss steps you can do to minimize the negative consequences of using two-factor authentication if you lose access to your trusted device and your trusted phone number. In order to keep the size of this text reasonable we’ll only talk about Apple’s implementation, namely Two-Step Verification and Two-Factor Authentication.

This article will help you with:

  • Two-Factor Authentication in Emergencies
  • Using Find My iPhone if Two-Factor Authentication Is Enabled
  • Setting Up a New iPhone
  • Reinstating Access to Apple ID: Apple Two-Step Verification
  • Reinstating Access to Apple ID: Apple Two-Factor Authentication
  • Preparing for Emergencies

 

1 2 3 6
Tech News by Topic